CVE-2026-46091 - Vulnerability Details

- media: rc: igorplugusb: heed coherency rules

Description

In the Linux kernel, the following vulnerability has been resolved:

media: rc: igorplugusb: heed coherency rules

In a control request, the USB request structure
can be subject to DMA on some HCs. Hence it must obey
the rules for DMA coherency. Allocate it separately.

Published: 2026-05-27

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`b1c97193c6437a6083da67f8e97c8ee29b2f1989`	affected	< bc04b8633b375af6ac8a8bb615258b80fe06cdaa
`b1c97193c6437a6083da67f8e97c8ee29b2f1989`	affected	< 81f0fb813e4bf28b3ca28dc218938a32eb48f740
`b1c97193c6437a6083da67f8e97c8ee29b2f1989`	affected	< 0e84aa8fc23c7578f105e3a2160f9d0aa2bed79a
`b1c97193c6437a6083da67f8e97c8ee29b2f1989`	affected	< 18d6a7c9e4e63c57157e9a57dd9bf3cd38e4c45a
`b1c97193c6437a6083da67f8e97c8ee29b2f1989`	affected	< 0be8fcd9005e3d3b5a61fe34b070a9663adbb4dc
`b1c97193c6437a6083da67f8e97c8ee29b2f1989`	affected	< 0adac0ee2c42027d80bac02ea9b576a88f8955d3
`b1c97193c6437a6083da67f8e97c8ee29b2f1989`	affected	< a62ca67e3c72fb297dc7c86495ba8f7329d7f150
`b1c97193c6437a6083da67f8e97c8ee29b2f1989`	affected	< eac69475b01fe1e861dfe3960b57fa95671c132e

Linux

affected

Version	Status	Constraints
`3.19`	affected	—
`0`	unaffected	< 3.19
`5.10.259`	unaffected	≤ 5.10.*
`5.15.210`	unaffected	≤ 5.15.*
`6.1.176`	unaffected	≤ 6.1.*
`6.6.140`	unaffected	≤ 6.6.*
`6.12.86`	unaffected	≤ 6.12.*
`6.18.27`	unaffected	≤ 6.18.*
`7.0.4`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[b1c97193c6437a6083da67f8e97c8ee29b2f1989,18d6a7c9e4e63c57157e9a57dd9bf3cd38e4c45a)`	affected	code_commit	—
`[b1c97193c6437a6083da67f8e97c8ee29b2f1989,0be8fcd9005e3d3b5a61fe34b070a9663adbb4dc)`	affected	code_commit	—
`[b1c97193c6437a6083da67f8e97c8ee29b2f1989,0adac0ee2c42027d80bac02ea9b576a88f8955d3)`	affected	code_commit	—
`[b1c97193c6437a6083da67f8e97c8ee29b2f1989,a62ca67e3c72fb297dc7c86495ba8f7329d7f150)`	affected	code_commit	—
`[b1c97193c6437a6083da67f8e97c8ee29b2f1989,eac69475b01fe1e861dfe3960b57fa95671c132e)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`3.19`	affected	generic	—
`[0,3.19)`	unaffected	generic	—
`[6.6.140,6.7.0)`	unaffected	semver	—
`[6.12.86,6.13.0)`	unaffected	semver	—
`[6.18.27,6.19.0)`	unaffected	semver	—
`[7.0.4,7.1.0)`	unaffected	semver	—
`[7.1-rc1,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00122.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0adac0ee2c42027d80bac02ea9b576a88f8955d3
https://git.kernel.org/stable/c/0be8fcd9005e3d3b5a61fe34b070a9663adbb4dc
https://git.kernel.org/stable/c/0e84aa8fc23c7578f105e3a2160f9d0aa2bed79a
https://git.kernel.org/stable/c/18d6a7c9e4e63c57157e9a57dd9bf3cd38e4c45a
https://git.kernel.org/stable/c/81f0fb813e4bf28b3ca28dc218938a32eb48f740
https://git.kernel.org/stable/c/a62ca67e3c72fb297dc7c86495ba8f7329d7f150
https://git.kernel.org/stable/c/bc04b8633b375af6ac8a8bb615258b80fe06cdaa
https://git.kernel.org/stable/c/eac69475b01fe1e861dfe3960b57fa95671c132e
https://lore.kernel.org/linux-cve-announce/2026052703-CVE-2026-46091-fb17@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-46091
https://www.cve.org/CVERecord?id=CVE-2026-46091

History

Fri, 19 Jun 2026 12:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/0e84aa8fc23c7578f105e3a2160f9d0aa2bed79a https://git.kernel.org/stable/c/81f0fb813e4bf28b3ca28dc218938a32eb48f740 https://git.kernel.org/stable/c/bc04b8633b375af6ac8a8bb615258b80fe06cdaa

Thu, 28 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-821
References		https://lore.kernel.org/linux-cve-announce/2026052703-CVE-2026-46091-fb17@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-46091 https://www.cve.org/CVERecord?id=CVE-2026-46091

Wed, 27 May 2026 20:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-788

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: rc: igorplugusb: heed coherency rules In a control request, the USB request structure can be subject to DMA on some HCs. Hence it must obey the rules for DMA coherency. Allocate it separately.
Title		media: rc: igorplugusb: heed coherency rules
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0adac0ee2c42027d80bac02ea9b576a88f8955d3 https://git.kernel.org/stable/c/0be8fcd9005e3d3b5a61fe34b070a9663adbb4dc https://git.kernel.org/stable/c/18d6a7c9e4e63c57157e9a57dd9bf3cd38e4c45a https://git.kernel.org/stable/c/a62ca67e3c72fb297dc7c86495ba8f7329d7f150 https://git.kernel.org/stable/c/eac69475b01fe1e861dfe3960b57fa95671c132e

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:58:35.422Z

Updated: 2026-06-19T11:59:27.632Z

Reserved: 2026-05-13T15:03:33.097Z

Link: CVE-2026-46091

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:30.647

Modified: 2026-06-17T10:53:03.180

Link: CVE-2026-46091

Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46091 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T02:45:05Z

Weaknesses

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object